Release 5 · Programme pack

Cross-System SoD — Multi-ERP conflict detection

50 conflict patterns spanning multiple ERP and cloud platforms. The fraud paths a single-system review will never see — a user creating a vendor invoice on SAP and releasing the payment on Oracle, posting GL on D365 and approving on NetSuite, granting IAM roles on AWS and clearing audit logs on Azure. This is the Onapsis-parity story.

50 Conflict rules
28 Business functions
10 Platforms covered
N×M Platform pairs auto
SAP S/4HANA · SAP B1 · Oracle Fusion · Dynamics 365 · NetSuite · Sage Intacct · Sage X3 · Sage 300 People · AWS · Azure

1 How it works

Instead of hard-coding N×M platform-pair rules (which doesn't scale), the engine uses two layers:

  1. Business-function keyword map — for each of 28 business functions (AP_ENTRY, PAYMENT_RELEASE, GL_POSTING, USER_ADMIN, KEY_VAULT_READ, TREASURY_DEAL, etc.), V/ergent maintains the role-name keywords that signal the function on each platform. A new platform plugs in by adding keywords; rules require no change.
  2. Conflict definitions — 50 incompatible-function pairs. Adding a new conflict rule covers all platform combinations automatically.

The engine takes the merged user roster across all selected platforms, finds every user who holds at least one role matching function-A on any platform AND function-B on any other platform, and emits a violation per conflict / user / platform-pair.

2 The 50 conflict rules — by family

Accounts Payable / vendor-side

XSOD-001: AP Invoice Entry + Payment Release across systems
XSOD-002: Vendor Master + Payment Release (bank-detail fraud)
XSOD-003: Vendor Master + AP Invoice Entry (fictitious-vendor scheme)
XSOD-018: AP Invoice Entry + GL Approval across ERPs
XSOD-035: Vendor Master + GL Approval (alt route to fictitious vendor)
XSOD-040: Inventory Adjustment + AP Invoice Entry (phantom-inventory)
XSOD-050: Vendor Master + Inventory Adjustment

Accounts Receivable / customer-side

XSOD-021: AR Receipt + Customer Master (lapping fraud)
XSOD-022: AR Receipt + Credit Limit Authority (channel stuffing)
XSOD-036: Customer Master + AR Receipt (fictitious-customer collection)

General Ledger / period / tax

XSOD-004: GL Journal Entry + GL Approval across systems
XSOD-007: System Admin + Financial Posting
XSOD-019: Role Administration + GL Posting
XSOD-023: Tax Configuration + GL Posting (tax-rate arbitrage)
XSOD-024: Bank Reconciliation + GL Posting (mask discrepancies)
XSOD-027: Posting-Period Open/Close + GL Posting (back-dated entries)
XSOD-031: Backup/Restore Authority + GL Posting (point-in-time fraud)
XSOD-039: Fixed Asset Master + GL Posting (capex/opex manipulation)

Treasury / FX

XSOD-026: Treasury Deal Entry + GL Approval (FX margin extraction)
XSOD-049: Treasury Deal Entry + Payment Release
XSOD-012: Bank Account Master + Payment Release

HR / Payroll

XSOD-009: HR Master + Payroll Payment (ghost-employee fraud)
XSOD-010: HR Master + Payroll Calculation
XSOD-011: Payroll Calculation + Payment Disbursement
XSOD-037: HR Master + GL Posting (mask payroll outflow)
XSOD-038: Payroll Calculation + GL Approval

Identity, role & log tampering

XSOD-005: User Administration + Role Assignment
XSOD-006: System Admin + Audit Log Control
XSOD-008: System Admin + Payment Release
XSOD-020: User Administration + Payment Release
XSOD-025: Audit Log Administration + Data Export
XSOD-028: Data Export + Role Administration
XSOD-033: Role Admin + Audit Log Admin
XSOD-041: System Admin + User Admin (mega-admin)
XSOD-044: User Admin + Audit Log Admin

Cloud-native / multi-cloud

XSOD-015: Cloud Infra Deploy + Cloud Network Admin
XSOD-016: Cloud Secrets Admin + Cloud Infra Deploy
XSOD-017: ERP System Admin + Cloud Infra Admin
XSOD-029: Cloud Secrets Admin + Data Export
XSOD-030: Cloud Infra Deploy + Audit Log Admin
XSOD-032: User Admin + Cloud Network Admin
XSOD-034: Key Rotation + Vault Read on Adjacent Clouds
XSOD-042: Cloud Infra Deploy + Secrets Administration
XSOD-043: Cloud Network Admin + Audit Log Admin

Asset / Inventory

XSOD-013: Fixed Asset Capitalisation + Payment Release
XSOD-014: Inventory Adjustment + Payment Release

PII data-export chains

XSOD-045: GL Posting + Data Export
XSOD-046: Payroll Calc + Data Export (payslip / tax-cert exfiltration)
XSOD-047: HR Master + Data Export (PII exfiltration)
XSOD-048: Customer Master + Data Export

3 What inputs does the engine need?

Cross-system SoD reuses the per-platform user/role exports your normal audit already uploads. Specifically, the engine needs the user_role_matrix.csv (or role_assignments.csv for cloud connectors) from each platform you want included in the cross-system view.

Identity merging happens by matching email / username / employee_id across rosters via audit/enhanced/user_identity.merge_rosters. If a user has different IDs on different platforms but the email matches, they are merged. The engine de-duplicates per (user, conflict, platform-pair) so violations are not double-counted.
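
The two-layer design from "How it works" and the identity merge and de-duplication described above can be sketched as follows. This is an added example, not V/ergent's code: the keywords, role names, CSV column names and the merge_by_email helper are all constructed or assumed, merging is simplified to normalised email (username only as a fallback), and a platform pair is treated as unordered.

```python
import csv, io
from itertools import permutations

# Layer 1: business function -> platform -> role-name keywords (constructed).
KEYWORDS = {
    "AP_ENTRY":        {"SAP": ["ap_invoice"], "Oracle": ["payables invoice"]},
    "PAYMENT_RELEASE": {"SAP": ["payment_release"], "Oracle": ["payment release"]},
    "USER_ADMIN":      {"AWS": ["useradmin"]},
}
# Layer 2: platform-agnostic conflict pairs (IDs taken from the rule list).
CONFLICTS = [("XSOD-001", "AP_ENTRY", "PAYMENT_RELEASE"),
             ("XSOD-020", "USER_ADMIN", "PAYMENT_RELEASE")]

# Constructed per-platform exports; the column names are assumed.
ROSTERS = {
    "SAP": "email,username,role\n"
           "Alice@Example.com,ALICE01,Z_AP_INVOICE_CLERK\n"
           "bob@example.com,BOB,Z_AP_INVOICE_CLERK\n"
           "bob@example.com,BOB,Z_PAYMENT_RELEASE\n",
    "Oracle": "email,username,role\n"
              "alice@example.com,a.smith,Payment Release Manager\n"
              "alice@example.com,a.smith,Payment Release Backup\n",
    "AWS": "email,username,role\n"
           "alice@example.com,alice-aws,IAMUserAdmin\n",
}

def merge_by_email(rosters):
    """Merge rows into {identity: {platform: [roles]}}, keyed on normalised email."""
    merged = {}
    for platform, text in rosters.items():
        for row in csv.DictReader(io.StringIO(text)):
            key = (row["email"] or row["username"]).strip().lower()
            merged.setdefault(key, {}).setdefault(platform, []).append(row["role"])
    return merged

def functions_held(platform, roles):
    """Business functions whose keywords for this platform appear in a role name."""
    return {f for f, per in KEYWORDS.items()
            for kw in per.get(platform, [])
            if any(kw in r.lower() for r in roles)}

def detect(rosters):
    """One violation per (rule, user, platform pair); same-platform hits are skipped."""
    found = set()
    for user, by_platform in merge_by_email(rosters).items():
        held = {p: functions_held(p, r) for p, r in by_platform.items()}
        for rule, fa, fb in CONFLICTS:
            for pa, pb in permutations(held, 2):
                if fa in held[pa] and fb in held[pb]:
                    found.add((rule, user, tuple(sorted((pa, pb)))))
    return sorted(found)

if __name__ == "__main__":
    for violation in detect(ROSTERS):
        print(violation)
```

Substring keyword matching will over-match on loosely named roles, so hits are candidates for review rather than confirmed violations. Bob holds both functions on SAP only, which is a single-system finding and is deliberately not reported here.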

4 Framework citations

Every violation carries 13-framework citations

Cross-system SoD specifically maps to: SOX CC6.3 · ISO 27001 A.9.4.1 · A.5.18 · A.8.10 · A.8.20 · NIST PR.AA-04 / PR.AC-04 · DE.AE-04 · COSO 2013 P10 · COBIT APO01.02 · BAI06.01 · DSS05.04 · PCI DSS 7.2 / 11.6 · GDPR Art 32 / 33 · Kenya DPA §41 · DORA Art 9(4)(c) · CIS AWS 3.x / 5.x · CIS Azure 5.x / 8.x · ACFE Occupational Fraud · FATF Trade-Based ML.

5 Where it appears in the V/ergent UI

Cross-system SoD runs as part of every audit run that includes 2+ platforms. Violations appear inline in the run-detail report (separately tagged as Cross-System) and in the dedicated dashboard at /api/cross-system-sod.

Browse the full registry at the Check Packs page — pack cross-system-sod.